Cryptography comparison

Symmetric vs Asymmetric Encryption

Every secure system you build — HTTPS, SSH, JWT signing, database encryption, code signing — relies on one or both of these encryption models. Understanding the trade-offs between them, and the English vocabulary engineers use to discuss them, is essential for any developer working with security.

TL;DR

  • Symmetric encryption — one shared secret key encrypts and decrypts. Very fast. Standard algorithm: AES-256-GCM. Problem: how do you securely share the key with the other party?
  • Asymmetric encryption — a public/private key pair. The public key is shared freely; the private key is never transmitted. Solves the key exchange problem, but 100–1,000× slower than symmetric. Standard algorithms: RSA, ECDH, ECDSA, Ed25519.
  • TLS uses both: asymmetric cryptography (ECDH) during the handshake to agree on a fresh session key, then symmetric encryption (AES) for all data transfer. You get the security of one and the speed of the other.

Side-by-side comparison

AspectSymmetricAsymmetric
KeysOne shared secret keyKey pair: public key + private key
SpeedVery fast — suited for bulk dataSlow — 100–1,000× slower than symmetric
Key distributionHard — both parties need the secret key in advanceEasy — publish the public key; only protect the private key
Key size (equivalent security)AES-128 or AES-256RSA-3072 ≈ AES-128; ECC-256 ≈ AES-128
Digital signaturesNot suitable — shared key means no attributionYes — sign with private key, verify with public key
Common algorithmsAES (GCM mode), ChaCha20-Poly1305, 3DES (legacy)RSA, ECDH, ECDSA, Ed25519, X25519
Primary use caseBulk data encryption: disk, database, TLS session dataKey exchange, certificates, digital signatures, SSH auth
Role in TLS/HTTPSEncrypts application data after the handshake (session key)ECDH key exchange + RSA/ECC certificate during handshake
PKI involvementNone directlyCentral to PKI — certificate authorities sign public keys

What is symmetric encryption?

Symmetric encryption uses a single key for both encryption and decryption. If Alice encrypts a file with key K, Bob must also possess key K to decrypt it. The same key is used in both directions — hence "symmetric".

The dominant symmetric cipher is AES (Advanced Encryption Standard), standardised by NIST in 2001. AES-256-GCM is the modern recommended mode: 256-bit key, counter-mode encryption (fast, parallelisable), plus a Galois/Counter Mode authentication tag to detect tampering — making it authenticated encryption.

Symmetric encryption is extremely fast. Modern CPUs include hardware AES-NI instructions that can encrypt several gigabytes per second with negligible CPU overhead. This is why AES is used for disk encryption (BitLocker, FileVault, LUKS), database column encryption, file archives (ZIP, 7-Zip), and TLS session data transfer.

The fundamental weakness is the key exchange problem: both parties must already share the secret key before they can communicate. If you transmit the key over an insecure channel, an eavesdropper captures it and can decrypt everything. This is exactly the problem asymmetric encryption was invented to solve.

# Python example: AES-256-GCM symmetric encryption
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import os

key = os.urandom(32)          # 256-bit key — keep this secret
nonce = os.urandom(12)        # 96-bit nonce — unique per message, not secret
plaintext = b"sensitive payload"

aesgcm = AESGCM(key)
ciphertext = aesgcm.encrypt(nonce, plaintext, associated_data=None)
recovered = aesgcm.decrypt(nonce, ciphertext, associated_data=None)
# recovered == plaintext

What is asymmetric encryption?

Asymmetric encryption uses a mathematically linked key pair. The public key is published openly — anyone can use it to encrypt a message or verify a signature. The private key is kept secret by its owner — only the owner can decrypt messages encrypted with the corresponding public key, or produce a valid signature.

The best-known algorithm is RSA, whose security relies on the difficulty of factoring large integers. RSA requires large keys (2,048–4,096 bits) and is being superseded by ECC (Elliptic Curve Cryptography), which achieves equivalent security with much smaller keys — a 256-bit ECC key is roughly as secure as a 3,072-bit RSA key, resulting in faster handshakes and lower bandwidth.

Asymmetric cryptography underpins PKI (Public Key Infrastructure): Certificate Authorities (CAs) use their private key to sign website certificates, binding a domain name to a public key. Browsers trust these signatures because the CA's root certificate is pre-installed. This is the foundation of HTTPS.

# Python example: RSA signing (digital signature)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding

# Key generation (done once; store private key securely)
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()

message = b"deploy approved by alice"

# Alice signs with her private key
signature = private_key.sign(message, padding.PKCS1v15(), hashes.SHA256())

# Anyone can verify with Alice's public key
public_key.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
# Raises InvalidSignature if tampered

The HTTPS handshake — how they work together

When your browser connects to an HTTPS site, TLS 1.3 runs a hybrid protocol:

  1. Certificate check (asymmetric): the server sends its TLS certificate, which contains its public key, signed by a CA. The browser verifies the CA's signature.
  2. Key exchange (asymmetric — ECDH): both sides contribute ephemeral key-exchange values. Mathematics derived from elliptic curves lets them derive the same shared secret without ever transmitting it. An eavesdropper who captures the exchange cannot compute the secret — this provides forward secrecy.
  3. Session keys derived: from the shared secret, both sides derive symmetric AES session keys.
  4. Data transfer (symmetric — AES-256-GCM): all application data is encrypted and authenticated with AES. Fast, low overhead.

This hybrid model is why TLS is both secure and fast: asymmetric cryptography handles the key exchange problem; symmetric cryptography handles the data.

How engineers talk about this

Symmetric encryption

  • "We encrypt at rest with AES-256-GCM and a randomly generated IV per record."
  • "The session key is 128 bits, ephemeral — generated fresh for each TLS connection."
  • "We use a key derivation function — PBKDF2 with a per-user salt — to turn the password into an AES key."
  • "The symmetric key is stored in AWS KMS, not in the application config."

Asymmetric encryption

  • "The server's public key is in the TLS certificate — anyone can verify it."
  • "The JWT is signed with RS256 — RSA signature, SHA-256 hash; verified with the public key."
  • "We use Ed25519 for SSH key auth — it's faster and safer than RSA-2048."
  • "The certificate chain roots back to a CA that's in the browser's trust store."

TLS and PKI

  • "TLS 1.3 uses ECDH key exchange — we get forward secrecy on every connection."
  • "The handshake is the expensive part; the symmetric session is cheap."
  • "Our cert expired — we need to renew and redeploy before the 90-day Let's Encrypt cutoff."
  • "We pin the public key hash in the app to prevent MITM with rogue certificates."

Security discussions

  • "Symmetric keys must be rotated regularly — our KMS does that automatically."
  • "A man-in-the-middle attack is only possible if the attacker can forge a certificate — that's why CA trust matters."
  • "We need perfect forward secrecy — ephemeral ECDH, not static RSA key exchange."

Quick decision guide

  • Encrypting files, database columns, or disk volumes → Symmetric (AES-256-GCM)
  • Securely exchanging a key with a stranger over the internet → Asymmetric (ECDH / X25519)
  • Proving who sent a message or signed a build artefact → Asymmetric (ECDSA, Ed25519, RSA)
  • Setting up HTTPS / TLS → Both (ECDH handshake + AES session)
  • SSH server authentication → Asymmetric key pair (Ed25519 recommended)
  • Encrypting backups with a passphrase → Symmetric + KDF (AES + Argon2 / PBKDF2)
  • Signing JWT tokens for a public API → Asymmetric (RS256 or ES256)
  • Signing JWT tokens for an internal service with a shared secret → Symmetric (HS256)

Frequently asked questions

What is the main difference between symmetric and asymmetric encryption?

Symmetric encryption uses a single shared secret key for both encryption and decryption — both parties must already possess the same key. Asymmetric encryption uses a mathematically linked key pair: a public key (shared freely) for encrypting data, and a private key (kept secret) for decrypting it. Symmetric encryption is fast but has a key distribution problem; asymmetric encryption solves key distribution but is significantly slower.

What is AES and why is it the go-to symmetric cipher?

AES (Advanced Encryption Standard) is a block cipher that processes data in 128-bit blocks using keys of 128, 192, or 256 bits. Selected by NIST in 2001 after an open international competition, AES is extremely fast — especially with hardware AES-NI acceleration available in virtually all modern CPUs. It has no known practical weaknesses and is used everywhere: disk encryption (BitLocker, FileVault, LUKS), TLS data-transfer sessions, encrypted database columns, and file archives.

What is RSA and when should I use it?

RSA is the most widely deployed asymmetric algorithm. Its security relies on the computational difficulty of factoring the product of two large prime numbers. RSA is used for TLS certificate signing, encrypting small payloads (such as a symmetric session key), and digital signatures. It is far slower than AES and requires large key sizes (2048–4096 bits), so it is never used to encrypt bulk data — only to establish or authenticate a session.